<?php
include 'lib/controllerWithoutGetOrPost.php';
include 'lib/LoggedIn.php';
$loggedIn = new LoggedIn();
$loggedIn->setPermission = "Admin Area";
print_r($_SESSION);
if(!$loggedIn->check()) {
    echo $loggedIn->message();
} else {

include("header2.php");

$query = "select 	Person.ID, 
	Person.Surname, 
	Person.FirstNames, 
	Person.FormerName, 
	Person.NeeName, 
	Person.AlsoKnownAs, 
	Person.DeathDate, 
	Person.BirthDate, 
	Person.Age AS 'Age', 
	Person.AgeMeasure AS 'AgeMeasure', 
	CityTown.Name as 'CityTown', 
	c2.Name as 'FormerCityTown', 
	Region.Name AS 'Region', 
	Country.Name AS 'Country', 
	Charity.Name AS 'Charity', 
	FuneralHome.Name AS 'FuneralHome',
  Person.OtherInfo As 'Other Information'

from Person 
left join Region on Person.RegionID = Region.ID 
left join Country on Country.ID = Person.CountryID 
left join CityTown AS c2 on Person.FormerCityTownID = c2.ID 
left join Charity on Charity.ID = Person.CharityID 
left join FuneralHome on FuneralHome.ID = Person.FuneralHomeID 
left join CityTown on CityTown.ID = Person.CityTownID";


$blah = "WHERE (Person.Surname Like '".mysql_real_escape_string($_GET['surname'])."%' OR Person.NeeName Like '".mysql_real_escape_string($_GET['surname'])."%' OR Person.FormerName Like '".mysql_real_escape_string($_GET['surname'])."%') AND (Person.FirstNames Like '".mysql_real_escape_string($_GET['firstname'])."%' OR Person.AlsoKnownAs Like '".mysql_real_escape_string($_GET['firstname'])."%') ORDER BY Person.DeathDate DESC LIMIT 0,1000";


$query .= ' '.$blah;

//echo $query;

// Perform Query
$result = mysql_query($query, $link);

// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
    $message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $query;
    die($message);
}

echo "<form action=\"search.php\" method=\"GET\">First name: 
<input type=\"text\" name=\"firstname\">
Last name: 
<input type=\"text\" name=\"surname\">
<input type=\"submit\" value=\"Submit\">
</form>";

$class1 = "odd";
$class2 = "even";
$class = $class1;

echo "<table><tr><th>ID</th><th>Surname</th><th>FirstNames</th><th>FormerName</th><th>NeeName</th><th>AlsoKnownAs</th><th>DeathDate</th><th>BirthDate</th><th>Age</th><th>AgeMeasure</th><th>CityTown</th><th>FormerCityTown</th><th>Region</th><th>Country</th><th>Charity</th><th>FuneralHome</th><th>Other Info</th></tr>\n";
while ($row = mysql_fetch_assoc($result)) {
	echo "<tr class=\"$class\"><td><a href=\"../remembrance.php?personid=".$row['ID']."\">".$row['ID']."</a></td>\n";
	echo "<td>".str_replace("&", "&amp;", $row['Surname'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['FirstNames'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['FormerName'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['NeeName'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['AlsoKnownAs'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['DeathDate'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['BirthDate'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['Age'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['AgeMeasure'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['CityTown'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['FormerCityTown'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['Region'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['Country'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['Charity'])."</td>";
echo "<td>".str_replace("&", "&amp;", $row['FuneralHome'])."</td>\n";
echo "<td>".str_replace("&", "&amp;", $row['OhterInfo'])."</td>\n</tr>\n";

if($class == $class1) {
	$class = $class2;
} else if ($class == $class2) {
	$class = $class1;
}

}
echo "</table></body></html>";


// Free the resources associated with the result set
// This is done automatically at the end of the script
mysql_free_result($result);
mysql_close($link);

}
?>
